Considering a Return to Onsite Work? Here’s What You Need to Consider
As public health measures recede nationwide, many employers are reassessing their remote workforce operations to determine what the best staffing model may be going forward. Some companies have already announced they plan to have all employees return to work. Others, looking at a long-term or permanent hybrid model, have indicated they intend to increase the amount of time employees spend in the office over present levels.
While many companies that embraced remote and hybrid work have seen some productivity gains and other benefits, indefinite remote work presents challenges for most firms. Some company leaders have publicly decried remote work given the collaboration challenges it presents. Others have discussed the toll that prolonged isolation has taken on employee mental health. Some firms have found it difficult to retain the same level of corporate culture, manage employees, and provide leadership opportunities to promising talent. And, whether operational success hinges on it, there is an overwhelming desire to return to normal among many employers and workers alike, which, before the pandemic, involved work outside the home.
Yet while many businesses are gearing up to send employees back to work fully or at least more frequently than before, challenges and risks remain. While public health, labor, and business experts continue to dialogue about the workplace safety risks inherent in this shift, all companies would do well to begin to assess the operational risks involved in transitioning from a WFH environment. Doing so is especially true if a company was unprepared at the outset of the pandemic to move to remote work.
Cybersecurity Risks
“As people return to work, some of the dangers that organizations need to consider are whether the users are still functioning in a secure manner.,” says Guy Baroan, President of Baroan Technologies. “Instead of being fully ready for such as situation, many organizations needed just to get things working. Security may not have been top of mind when users needed to all of a sudden remotely access their systems and function from home. Access to their systems and being able to work were far more important than how they did it. With this came a lot of risk.”
Indeed, many firms hastily cobbled together the hardware and network resources necessary for their staff to work from home as quickly as possible, without the kind of deliberative process that would ensure that they continued to enjoy the strongest possible cybersecurity measures possible. Unfortunately, this created a raft of vulnerabilities that have emboldened cybercriminals to attack businesses, and even government agencies, more aggressively than before. One vulnerability ripe for exploitation? Widespread employee ignorance of basic cybersecurity measures and practices.
When employers began to shift to remote work, many IT staff were not allowed in their buildings to properly address [cybersecurity issues],” says Baroan. Some companies even had employees use their personal devices to complete their work. “Not everyone had the luxury to provide business-class devices that are secured and managed by the organization, so that left many to use their home systems. The same ones that their family members use, the same ones that maybe were not blocking malicious sites and programs, because some users just don’t know how to. This left the organizations in a vulnerable situation.”
This vulnerability has been on display in the news recently as more and more businesses and organizations have fallen victim to ransomware attacks. “Ransomware is one of the biggest risks that enterprises are facing,” says Nick Martin, Network Administrator at MainStreet IT solutions. “No longer does it fall square on the shoulders of IT, but it is the responsibility of each employee to understand that risk and protect the company from that risk. If employees are not properly trained in this area, not only will damage be done financially and through its reputation, but it risks the trust of its customers and investors. In today’s IT structure, it truly “takes a village” to win IT security.”
Preparing for the Return to Work
Even for companies that provided hardware to their employees, transitioning back to work should entail a “full risk review and security assessment,” Baroan notes. Ashu Singhal, President of Orion Networks, agrees. It’s important to ensure “you have updated and reviewed your firewalls, reviewed policies and any other network security you have in place.” Otherwise, firms remain vulnerable to cybercrime and fraud.
Along with Nick Allo SemTech IT Solutions‘ Director of Information Technology, he also notes the need to ensure that when workers return, they aren’t bringing vulnerabilities back with them. There should be “much-needed attention [paid] to shutting off external access once back in the office [as well as] gathering remote devices if [company] provided.” And, as per Singhal, firms should have clear policies in place to manage employees bringing external devices into the workplace in the future.
Moreover, employers must not only gather their own devices but also secure their data which “may still reside at the employee’s homes,” notes Carl Fransen, founder and CEO of CTECH Consulting Group. “Confidential corporate information may have been copied to other devices to be worked on. Personal emails may have been used to send information back and forth to the corporation. All of these areas are considered data security leaks. Since the data is outside the secure corporate perimeter, it is very difficult to legally track down which devices currently contain corporate data since they are now located on random personal devices.”
And employers should take the time needed to put new security measures in place. “As employees return to work, it’s an excellent time for management to implement better password requirement rules and to force a password reset policy,” says James Sanford, founder of Teamspring. “Many of the employees worked from non-managed devices and could have potentially been tracking user logins and passwords and making them available on the dark web. There were [also] quite a few personnel changes during the pandemic. Now is a good time to make sure ex-employees are offboarded properly.”
Hybrid Work: The Future of Staffing?
Despite the growing momentum and movement towards in-office work, remote work is not dead. Far from it. Businesses are trending towards a hybrid approach, which, in many respects, provides the best of both (on-site and remote) worlds. This staffing model is in use by many industries and is especially popular among tech companies, as per Ulistic, an MSP marketing service provider. Hybrid work environments allow employers to keep workers safe, enjoy smaller real estate footprints, and optimize on-site time for employee collaboration while employees enjoy greater work-life flexibility and less physical isolation.
Those expecting a return to fully on-site normal work should “Understand that what you once knew as the norm has not been the norm for well over a year, says Joe Cannata, owner of Techsperts, LLC. “Things will be different moving forward. Times have changed, and the work from the office model has forever been changed, and that needs to be accepted. Employees will expect their employers to adapt and not buck the new workplace norms. Hybrid work schedules will be the new norm. Employees will expect to work from home regularly at least a few days per week.” Cannata is not alone in this prediction. A recent PwC industry analysis makes the same projection, and many business publications, such as Bloomberg and BBC Worklife, are also making a note of this trend.
Adjusting to the New Normal
Craig Beam, President of MicroXpress, also agrees. “Workers have had a taste of remote work, and many really liked it. Refusing to adapt and insistence on going back to the “way things were” could potentially alienate the majority of the workforce who prefer the flexibility of working remotely. Creating an environment where your workers are happier and more productive is a win-win for everyone.”
Whatever the new normal looks like, firms should not be “in an immediate rush to return to normal,” cautions Beam. Instead, they should take the time to develop a robust transition plan that gives them the time needed to both determine the right staffing model for their workforce and make the necessary operational and security adjustments to implement. The plan should also provide employees the time they need to acclimate to the new changes.
“The pandemic has forced us into business scenarios we never imagined, and we should use this information to our benefit as we move forward,” Beam says. By objectively assessing operations throughout the pandemic, businesses can use insights from these scenarios and outcomes to optimize their workforce, improve productivity, and strengthen their cybersecurity.
